Beware: Hackers are Using the Coronavirus to Lure in Victims


The global panic about COVID-19 has everyone desperately searching for any morsel of new information about the virus. Adding to the chaos, cybercriminals are now using fake news about the outbreak to attract victims to infect with their malware, via Business Insider.

Hackers are circulating a fake dashboard that shows maps tracking the spread of the coronavirus, however, when the dashboard is opened, it will infect your computer with a virus. The irony is almost palpable.

Click To Tweet

Normally, health authorities and the media maintain dashboards that help track the spread of the virus as new cases trickle in from all parts of the world. Maps maintained by Johns Hopkins University or the New York Times are examples of reliable, non-malicious trackers.

Cybersecurity firm Reason Labs were the first to report that this was happening. The firm states that because of the ongoing panic, global news agencies are rushing to reach the demand the public has for new information about the pandemic. Since this demand is not being met, the public seeks out other sources.

Some of these sources may not be completely safe. “This demand creates a vulnerability that malicious actors have quickly taken advantage of by spreading malware disguised as a ‘Coronavirus map’,” reports Reason Labs.

The malicious web map looks very convincing, the GUI window loads information from the web as if it was legitimate. Unexperienced or uninformed users could easily fall for their appearance.

Cybersecurity researcher, Shai Alfasi found and analyzed the malware that had weaponised coronavirus map applications in order to steal credentials such as usernames, passwords, credit card numbers and other sensitive information that is stored in browsers.

Reason Labs notes that the malware is known as the AZORult, which is an information-stealing software first discovered in 2016. Cybercriminals use it to steal browser history, cookies, ID/passwords, cryptocurrency and more. AZORult can also install additional malware unto already infected machines and devices.

Commonly found on underground Russian forums, the malware is traded for the purpose of data theft. There is also a variant of AZORult that can be used to create a hidden admin account on your PC for the purpose of Remote Desktop Control – this is when a hacker can use your PC as if it was their own from the comfort of their lair.

Another security firm, Recorded Future, has found that cybercriminals are also inflicting new phishing attacks on users using information about COVID-19 to trick people, reports My Broadband.

“The technical threat surrounding COVID-19 primarily appears to be around phishing, with actors promising that attachments contain information about COVID-19,” the firm stated.

“Recorded Future observed an extensive list of actors and malware employing these techniques, including Trickbot, Lokibot, and Agent Tesla, targeting a broad set of victims, including those in the United States, Italy, Ukraine, and Iran in particular.”

Cybercrooks are impersonating representatives of the US CDC (Centres for Disease Control) and WHO (the World Health Organisation), attempting to lure victims into interacting with dangerous links or attachments.

The number of newly registered domains related to the coronavirus threat has increased as the outbreak has grown – many of these are being used to support phishing campaigns related to the outbreak.

With as much as 51 currently reported cases of the virus in South Africa, no doubt users will try to seek more information as the number of cases grows. Users are urged to seek out trusted sources and not unknown or unusual avenues for information about the virus, especially in Africa where users are more at risk of becoming victims to cybercrime

By Luis Monzon

Follow Luis Monzon on Twitter

Follow IT News Africa on Twitter